security

To browse the web more securely you should use the browser plugins uBlock and uMatrix.

uBlock (https://www.ublock.org/) is a powerful advertisement blocker that does not allow for paid whitelisting like Adblock does; you as the user remain in control over which ads you want to block. It is open source and also blocks trackers. Furthermore, it is less likely to be detected by the anti-ad-block mechanisms which some sites deploy to coerce you into enabling ads.

uMatrix (https://github.com/gorhill/uMatrix) is another browser plugin that can help you with your browsing experience, although it is more targeted at advanced users. It effectively acts as a firewall for your browser that by default blocks cookies, scripts, plugins, CSS, images, frames and XHR. The user is expected to whitelist, for each website, which functionality it is allowed to use, which makes very fine-grained control possible. It may seem annoying to use at first since you need to whitelist sites that you trust, but in my experience it is worth it.

Taggings:

One unfortunate side-effect of the passphrased private key is that you will be asked for the passphrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the passphrase, such as after a reboot or crash.

Next you have to enter the pass phrase from your previously generated private key:
Enter pass phrase for private.key:

During the generation process of the CSR you will have to provide some information for the X.509 attributes like a Country Name, but you don't have to provide all of the asked information. If you enter '.', the field will be left blank.

Snippet from the console output of the asked information:
...
Country Name (2 letter code) [AU]: .
State or Province Name (full name) [Some-State]: .
Locality Name (eg, city) []: .
...

Taggings:

Developers, especially inexperienced PHP developers, have a tendency to not care much about security-related issues. This is true for the problem of secure sessions, too, and it is the reason why attackers of a certain website or service can easily hijack sessions to get access to data which they should not have access to.
Because HTTP is a stateless protocol, sessions are required to identify a certain client across multiple requests. In PHP this identification is done via "session IDs", which are exchanged by the client and the web server on each request (the session ID may be stored as a cookie, in the URL or in a hidden field). The server stores the session ID locally to identify a certain client if the session ID is available in a certain request.
If an attacker is able to steal the session ID of a certain client, the server will "think" that the attacker is the client. As a result, the attacker will be able to do everything the client is allowed to do.
How do I implement a session management system in PHP (and generally), which is more secure and more protected against "session hijacking" attempts?

Taggings:
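
One way to harden PHP's built-in session handling against the session-ID theft described above, as an added example that is not part of the original post. The function names and timeout values are assumptions chosen for illustration, and the code requires PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

const IDLE_TIMEOUT = 900;       // assumed value: 15 minutes of inactivity
const ABSOLUTE_TIMEOUT = 28800; // assumed value: 8 hours maximum session lifetime

function start_secure_session(): void   // hypothetical helper name
{
    // Accept session IDs only from cookies, never from the URL or a form field.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject IDs the server did not issue (prevents fixation with a chosen ID).
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();
    $expired = isset($_SESSION['created'], $_SESSION['last_seen'])
        && ($now - $_SESSION['last_seen'] > IDLE_TIMEOUT
            || $now - $_SESSION['created'] > ABSOLUTE_TIMEOUT);
    if ($expired) {
        // Drop the stored data and issue a fresh ID so the old one is useless.
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['created'] ??= $now;
    $_SESSION['last_seen'] = $now;
}

function login_user(int $userId): void   // hypothetical helper name
{
    // New ID at every privilege change; the pre-login session is deleted.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['created'] = $_SESSION['last_seen'] = time();
}

function logout_user(): void   // hypothetical helper name
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie in the browser, then remove the server-side session.
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite']]);
    session_destroy();
}
```

Call `start_secure_session()` at the top of every request instead of `session_start()`, and serve the site over HTTPS only, since the `secure` flag keeps the cookie off plain HTTP connections.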

Many countries around the world, like China or Iran, do not provide freedom of Internet browsing. YouTube or news websites may be blocked by a government. In some cases, like in Tunisia before the revolution, even links to proxies are blocked. So how is it possible to get past the walls of web-blocking?

Taggings:

Initial research showed that there are several standards for the range of software development (e.g. IEEE 730, 829, 830, …), particularly with an emphasis on quality management. In addition there are guidelines for IT security (ISO 27001) and the standard according to BSI. At the center of these regulations is the demand to preserve security, but rarely a hint of the operational way to achieve it.
Only A7700, "requirements in terms of safety at Web applications", contains a practice-oriented approach and complete coverage of the safety requirements for Web applications.
On the basis of A7700 an assignment guideline was developed, considering the internal requirements (architecture, databases used, …), which must be added to every procurement of a Web application.
Link: ÖNORM A 7700 (http://www.a7700.org/)